It is surprising that thieves don’t target data centres more often. All that expensive kit and copper is worth a pretty penny, not to mention all the data that’s on it.
Several BT exchanges have been hit, along with facilities owned by C&W. But of course, thieves don’t always need to get in to wreak havoc: data centres can be …

COMMENTS

The last time...

...an accountant told me how to improve security I almost split my sides in laughter. I showed him a screenshot of our network neighborhood where through his laptop and VPN we could see 1400 of the accounting firms internal workstations and servers. They had cryptic names like "BANKING" "PAYROLL" and "HRFiles". He shut up and left soon after.

IT Security should be mandated by those who know about IT security and not a CPA who wants to pad out his bill for his annual corporate audit by telling us to change our passwords regularly. It should also be noted that there can never be a central IT security policy for everyone because A) no two organizations are ever the same and B) support from the executive branch varies by ego. Some execs get it, others are oblivious and look at security as an inconvenience that only applies to others. They are the worse threat to any security plan.

I was once asked how to provide,...

Insufficient.

The traditional approach to security includes a step whereby anyone who worked on the system and the designer of the system was put to death. Security by obscurity may be somewhat discredited these days, but as part of a defense in depth it has its merits.

Anyway, we are all very pleased with your work, and will be throwing a party in honour of your tremendous success. Please lie on your stomach with your arms at your sides. A party associate will arrive shortly to collect you for your party

Unbelievable. You, Ru, must be the pride of [subject hometown here]!"

Cover all your bases

I agree with the general thrust of this article: you need to think about all the different physical aspects of data centre security, as well as hacking. Unfortunately with the criminal masterminds out there currently, there are all sorts of cunning and sometimes not so cunning, but devastatingly effective ways to get into a data centre. You can't just assume that by locking the doors and issuing ID cards, people won't get in. People can get into a data centre just by tailgating the person in front of them, so you need to think about simple methods as well as the more complex ones. Use of biometrics with turnstiles is one way to improve physical security. Biometrics can't be faked, so you're far less likely to get the wrong people gaining access. Turnstiles - unless someone obviously jumps over them - give that extra physical barrier that can prevent people sneaking in. Just a thought...

4 P's...........

Using the good old 4 Ps in ITIL, People, Process, Products, and Partners getting the balance right and not relying on one aspect is the key here. Although easier said than done, people will always try their luck....

Is deperimeterisation a word?

If you remove the outer security perimeters for a Data Centre you will have a nasty surprise when rioters decide to visit your site. No, as the normans discovered with their castles, you need multiple layers of physical security as well as detection systems to deal with intruders and malcontent insiders.

I've been setting up physical IT security on IT sites for years now. The first essential, of many, is to design physical security into your building from scratch. The cost of failure can be far greater than the cost of prevention.

@Rosie

Data Centres

The upward trend in the growth of data center energy usage has slowed, according to a new study from Stanford professor Jonathan Koomey. The report found that data center power consumption increased by 36 percent from 2005 to 2010, a much smaller increase than the 100 percent gain projected in an influential study Koomey prepared in 2007. see http://www.datacentredesign.co